How Much Security is Enough?

By  Tony Rizzo, Editor in Chief
There are numerous ways for employees to sidestep security measures - chief among them, simply knowing how to wipe out mobile device and user profiles. Users these days are knowledgeable and savvy when it comes down to having an understanding of how their smartphone and tablet operating systems work, and a determined user can and will find security work-arounds. There is a simple rule of thumb to avoid this scenario - ensure that your security and device management measures are “right-sized” for the level of mobile employee you are securing.

For example, a low level admin that doesn’t work for high level management and whose smartphone or tablet (almost always either an iOS or Android device) is only connected to an internal WiFi network does not need to have multiple layers of secure login access. In larger SMBs and the Fortune 1,000 the highest percentage of users will fall into this category.  High level management, on the other hand, may prove to have the lowest level of tolerance for dealing with security measures but also represents the class of mobile user that needs the highest levels of security and device management.

Effectively striking a strong balance between these two polar opposites requires careful use of corporate mobile policy management that delivers on carefully considered “just enough security” planning. The surest way around such issues is to ensure that the right types of security policies are automatically applied to every mobile device - and its user, and that these policies (which typically manifest themselves as mobile device management platform configurations) can be applied behind the scenes, with as little user interaction (or rather, with as little need for user interaction) as possible.

Lower level users who seek to defeat security measures can instantly be taken off the corporate network. This is the surest way to prevent security holes, although if enough users continue to look to disengage - some research studies suggest that the current number of users who attempt to do so is greater than 50% of the mobile workforce - it will deliver a heavy toll on productivity.

Today’s mobile device management platforms can easily detect such user actions and a company can take any number of measures to prevent it - including in the worst case, taking such actions as executing a complete device wipe and re-provisioning as needed.  Such policies are easy to pull off for lower end users, especially in the case of corporate-liable devices. It’s harder to do for end user-liable devices - which should always include signed BYOD policy enforcement “contracts” with any BYOD end user. Dealing with high level management is trickier - most executives will be up in arms if their mobile devices have critical business decision making data wiped or if their personal data is tampered with - and it’s safe to say that under most such scenarios it won’t be the executive’s position that will be on the line.